插入抱怨语法的查询
本文关键字:查询 语法 插入 | 更新日期: 2023-09-27 18:14:05
我试图从c#窗口形式插入记录访问2007数据库,但我得到这个错误-
Error: INSERT INTO语句语法错误。类型为"System.Data.OleDb"的第一次机会异常。在System.Data.dll中发生OleDbException
但是我没有看到我的代码有任何问题-
try
{
string sday = "Sun";
s1 = comboBox180.SelectedItem.ToString();
t1 = comboBox10.SelectedItem.ToString();
d1 = comboBox17.SelectedItem.ToString();
string bla="XYZ";
aCommand5 = new OleDbCommand("INSERT INTO weekly(batch_code,day,period_no,teacher1,time1,teacher2,time2,teacher3,time3,teacher4,time4,teacher5,time5,teacher6,time6,teacher7,time7,teacher8,time8,teacher9,time9,teacher10,time10,teacher11,time11,teacher12,time12) VALUES ('" + code + "','" +sday+"','" + no_of_period + "','" + t1 + "','" + d1 + "','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"','"+bla+"')", main_connection);
int check = aCommand5.ExecuteNonQuery();
if (check == 1)
{
MessageBox.Show("Data Saved");
}
}
catch (OleDbException oldex)
{
Console.WriteLine("Error: {0}", oldex.Errors[0].Message);
}
t1和d1都是字符串变量
首先,您应该始终使用参数化查询。这类代码对SQL注入攻击是开放的。
其次,DAY是MS Access 2007的保留关键字。您应该使用方括号,如[day];
aCommand5 = new OleDbCommand("INSERT INTO weekly(batch_code, [day], period_no, teacher1, time1, teacher2, time2, teacher3, time3, teacher4, time4, teacher5, time5, teacher6, time6, teacher7, time7, teacher8, time8, teacher9, time9, teacher10, time10, teacher11, time11, teacher12, time12)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
main_connection);
aCommand5.Parameters.AddWithValue("@p1", code);
aCommand5.Parameters.AddWithValue("@p2", sday);
aCommand5.Parameters.AddWithValue("@p3", no_of_period);
aCommand5.Parameters.AddWithValue("@p4", t1);
aCommand5.Parameters.AddWithValue("@p5", d1);
aCommand5.Parameters.AddWithValue("@p6", bla);
aCommand5.Parameters.AddWithValue("@p7", bla);
aCommand5.Parameters.AddWithValue("@p8", bla);
aCommand5.Parameters.AddWithValue("@p9", bla);
aCommand5.Parameters.AddWithValue("@p10", bla);
aCommand5.Parameters.AddWithValue("@p11", bla);
aCommand5.Parameters.AddWithValue("@p12", bla);
aCommand5.Parameters.AddWithValue("@p13", bla);
aCommand5.Parameters.AddWithValue("@p14", bla);
aCommand5.Parameters.AddWithValue("@p15", bla);
aCommand5.Parameters.AddWithValue("@p16", bla);
aCommand5.Parameters.AddWithValue("@p17", bla);
aCommand5.Parameters.AddWithValue("@p18", bla);
aCommand5.Parameters.AddWithValue("@p19", bla);
aCommand5.Parameters.AddWithValue("@p20", bla);
aCommand5.Parameters.AddWithValue("@p21", bla);
aCommand5.Parameters.AddWithValue("@p22", bla);
aCommand5.Parameters.AddWithValue("@p23", bla);
aCommand5.Parameters.AddWithValue("@p24", bla);
aCommand5.Parameters.AddWithValue("@p25", bla);
aCommand5.Parameters.AddWithValue("@p26", bla);
aCommand5.Parameters.AddWithValue("@p27", bla);
aCommand5.ExecuteNonQuery();
语法错误的来源是单词DAY。它是MS-Access 2007中的保留关键字,因此,您需要用方括号
封装它。 aCommand5 = new OleDbCommand("INSERT INTO weekly(batch_code,[day],.....")
然而,让我说这是我见过的最糟糕的字符串连接情况。不要使用字符串连接来构建sql查询,使用ALWAYS参数化查询
这是使用参数化查询
构建sql语句的示例 aCommand5 = new OleDbCommand("INSERT INTO weekly (batch_code,day,period_no,teacher1,time1," +
"teacher2,time2,teacher3,time3,teacher4,time4, " +
"teacher5,time5,teacher6,time6,teacher7,time7,teacher8,time8,"+
"teacher9,time9,teacher10,time10,teacher11,time11,teacher12,time12)"+
"VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?",
main_connection);
aCommand5.Parameters.AddWithValue("@p1", code);
aCommand5.Parameters.AddWithValue("@p2", sday);
.... and so on for the other 25 parameters
.....
aCommand5.ExecuteNonQuery();
这样,你就把正确解析值的工作留给框架代码,避免了单引号、小数点、日期格式等方面的语法错误。还可以避免Sql注入问题
注意该字段的数据库类型是否正确。如果您有一个字段数字或日期时间,请记住调用适当的Convert。使用AddWithValue